Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual

Developing Conclusions and Finalizing the Exam

• Whether the number of violations is high when compared to the bank's total activity. This evaluation usually is determined through a sampling of transactions or records. Based on this process, determinations are made concerning the overall level of noncompliance. However, even if the violations are few in number, they could reflect systemic noncompliance, depending on the severity (e.g., significant or egregious). • Whether there is evidence of similar violations by the bank in a series of transactions or in different divisions or departments. This is not an exact calculation and examiners should consider the number, significance, and frequency of violations identified throughout the organization. Violations identified within various divisions or departments may or may not indicate a systemic violation. These violations should be evaluated in a broader context to determine if training or other compliance system weaknesses are also present. • The relationship of the violations to one another (e.g., whether the violations occurred in the same area of the bank, in the same product line, in the same branch or department, or with one employee). • The impact the violation or violations have on the bank's suspicious activity monitoring and reporting capabilities. • Whether the violations appear to be grounded in a written or unwritten policy or established procedure, or result from a lack of an established procedure (e.g., the bank’s currency transaction reporting thresholds are inconsistent with BSA regulations). • Whether there is a common source or cause of the violations. • Whether the violations were the result of errors in software programming or implementation. Systemic or repeat violations of the BSA or other deficiencies could have a negative impact on the adequacy of the bank’s BSA/AML compliance program. 3 When systemic instances of noncompliance are identified, examiners should consider the noncompliance in the context of the overall program (internal controls, independent testing, designated individual or individuals, and training) and refer to Appendix R – Interagency Statement on Enforcement of Bank Secrecy Act/Anti-Money Laundering Requirements for more information regarding when a bank’s BSA/AML compliance program may be deficient as a result of systemic noncompliance. All systemic violations and substantive deficiencies should be brought to the attention of the bank’s board of directors and senior management and documented in the ROE or other supervisory correspondence directed to the board of directors. Types of systemic or repeat violations may include, but are not limited to: • Failure to establish a due diligence program that includes a risk-based approach, and when necessary, enhanced policies, procedures, and controls concerning foreign correspondent accounts.

3 The violations or deficiencies may also constitute unsafe or unsound banking practices. See 12 CFR Part 30 (OCC).

FFIEC BSA/AML Examination Manual

3

March 2020